Lucene search
K

10515 matches found

CNNVD
CNNVD
added 2024/02/29 12:0 a.m.3 views

WordPress Plugin ImageRecycle pdf & image compression security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3CVSS6.6AI score0.00372EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.4 views

WordPress Plugin SKT Page Builder Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.3CVSS6.4AI score0.00343EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.5 views

WordPress Plugin Directorist Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.3CVSS6.5AI score0.00524EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.4 views

WordPress Plugin Customer Reviews for WooCommerce Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

5.3CVSS6.6AI score0.00409EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2024/02/29 12:0 a.m.23 views

Wp Social Login and Register Social Counter < 3.0.1 - Missing Authorization to Unauthenticated Social Login/Share Status Update

Description The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wpsocial/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated...

6.5CVSS6.6AI score0.0044EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/02/28 10:15 a.m.4 views

CVE-2024-1861

The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihackertruncatescantable function in all versions up to, and including, 4.52. This mak...

4.3CVSS7.3AI score0.00361EPSS
Exploits0References2
CVE
CVE
added 2024/02/28 9:33 a.m.188 views

CVE-2024-1861

CVE-2024-1861 concerns the WordPress plugin “Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan” (antihacker). Affected versions: all prior to and including 4.52. Root cause: missing capability check in antihacker_truncate_scan_table(), enabling an authenti...

4.3CVSS5.2AI score0.00361EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/02/28 9:15 a.m.2 views

CVE-2024-1566

The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to change redirects created with this plugin. This could...

6.5CVSS7.3AI score
Exploits0References2
Prion
Prion
added 2024/02/28 9:15 a.m.16 views

Design/Logic Flaw

The Page Duplicator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicatedatpage function in all versions up to, and including, 0.1.1. This makes it possible for unauthenticated attackers to duplicate arbitrary posts and pages...

5CVSS5.2AI score0.00422EPSS
Exploits0References2
Prion
Prion
added 2024/02/28 9:15 a.m.18 views

Design/Logic Flaw

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templatesajaxrequest function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to...

4CVSS6.9AI score0.00457EPSS
Exploits0References2
NVD
NVD
added 2024/02/28 7:15 a.m.9 views

CVE-2024-1388

The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...

4.3CVSS4.3AI score0.0034EPSS
Exploits0References2
Prion
Prion
added 2024/02/28 7:15 a.m.16 views

Design/Logic Flaw

The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...

4CVSS4.4AI score0.0034EPSS
Exploits0References2
CVE
CVE
added 2024/02/28 6:46 a.m.89 views

CVE-2024-1388

CVE-2024-1388 affects the Yuki WordPress theme. Root cause: missing capability check in reset_customizer_options(), affecting all versions up to and including 1.3.13. Impact: authenticated users with subscriber+ can reset the theme settings, enabling unauthorized modification of data. Remediation...

4.3CVSS4.6AI score0.0034EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/02/28 12:0 a.m.4 views

WordPress Plugin Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan Security Vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Disable Json API, Login...

6.5CVSS6.7AI score0.00378EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/28 12:0 a.m.7 views

WordPress Plugin Redirects Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

6.5CVSS6.5AI score0.0053EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/28 12:0 a.m.3 views

WordPress Plugin Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan Security Vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Disable Json API, Login...

4.3CVSS6.7AI score0.00361EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/28 12:0 a.m.4 views

WordPress Plugin Elementor Templates & Widgets for WooCommerce Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3CVSS6.7AI score0.00457EPSS
Exploits0References3
OSV
OSV
added 2024/02/27 11:15 a.m.2 views

CVE-2024-1652

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS7.3AI score0.0034EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/27 11:5 a.m.26 views

CVE-2024-1650 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxRenameCategory

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS4.6AI score0.0034EPSS
Exploits0References2
CVE
CVE
added 2024/02/27 11:5 a.m.123 views

CVE-2024-1649

CVE-2024-1649 affects the Categorify plugin for WordPress. The vulnerability arises from a missing capability check in categorifyAjaxDeleteCategory, affecting all versions up to and including 1.0.7.4. This allows authenticated users with subscriber-level access and above to delete categories. The...

4.3CVSS5.2AI score0.0034EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder